Password Demand Laws - A Fallen Tree In An Empty Forest
If a tree falls in a forest and no one is around to hear it, does it make a sound? Far be it from me to start your work week off with a digression on George Berkeley 18th Century philosophies, but really: If the legislature passes a law to impose penalties for conduct and no one is engaging in the conduct, does it make an impact?
This past May, Maryland became the first state to do it. And, in August, Illinois became the second. Continuing in the “everybody does it” category, California has now become the third state to sign into law a “Facebook password demand law.” My question to the remaining 47 states: If all the other states jumped off the Brooklyn Bridge, would you do that too?
The snide (yet still somewhat witty) sarcasm aside, the California “solution” to the “problem” is not particularly novel. Its new law prohibits employers from requiring or requesting that an employee or applicant provide a social media username or password. Employers also cannot discipline, fire or otherwise retaliate against an individual for refusing to disclose his or her username or password when the requirement or request violates this law.
There are, however, two exceptions. First, an employer maintains its “existing rights and obligations” to request the disclosure of personal social media that is “relevant to an investigation of allegations of employee misconduct or employee violation of applicable laws and regulations[.]” Second, an employer also may still require or request a username or password for the purpose of accessing a device that is owned and issued by the employer. Interestingly, the new California law does not contain a provision that had existed in earlier versions of the bill; namely, some protection from negligent hire claims for employers who do not use social media to obtain background information on a particular individual.
The California law appears to take effect immediately/
Employer Take Away: What should you as an employer take away from this development?
I’m not suggesting that employers necessarily should be able to condition one’s job status on providing potentially personal social media information. But this latest state law seems to be a solution with no real, true problem. In fact, when I bring up this “Facebook password demand” issue with clients and seminar audiences, the overwhelming reaction seems to be: “Are people really doing that?”
Still, we’re about reporting on developments, even when it no longer appears to be a development that will stir things up a lot. I just don’t think that many employers are out there demanding that applicants or current employees provide their Facebook passwords, or else. So perhaps these legislatures can switch gears to address real solutions to real problems in this area. Like a legislative fix to the avalanche that has become the NLRB’s position on all things social media (more on that tomorrow). Or, a legislative solution for those employers who walk the tightrope between getting sued for discrimination because they learned too much from social media, and getting sued for negligent hiring because they didn’t search for enough information.
In the end, if you’re in Maryland, Illinois, and now California, don’t demand social media passwords. For the rest of you, your tree will likely be falling soon. If you’re still listening.